CN108768655A - Dynamic password formation method and system - Google Patents

Publication number: CN108768655A
Authority: CN (China)
Prior art keywords: otp, password, passwords, servers, dynamic
Legal status: Granted; Active
Application number: CN201810333149.XA
Other languages: Chinese (zh)
Other versions: CN108768655B (en)
Inventor: 陈�胜
Current Assignee: Beijing Watchdata Ltd By Share Ltd; Beijing WatchData System Co Ltd; Beijing WatchSmart Technologies Co Ltd
Original Assignee: Beijing Watchdata Ltd By Share Ltd; Beijing WatchSmart Technologies Co Ltd
Application filed by: Beijing Watchdata Ltd By Share Ltd, Beijing WatchSmart Technologies Co Ltd
Priority to: CN201810333149.XA
Publication of CN108768655A
Application granted
Publication of CN108768655B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

An embodiment of the invention discloses a dynamic password generation method and system. In the method, the OTP CA sends an OTP dynamic password generation request to the OTP TA; the OTP TA receives an OTP permission password through the TUI and verifies it; if verification passes, the OTP TA generates an OTP dynamic password based on a preset password generation rule and displays it through the TUI. The method and system of the invention provide a TEE-based OTP security scheme for mobile terminals: generation of the OTP dynamic password is initiated in the REE on the mobile terminal, and the password is generated and displayed inside the TEE. The information needed to generate the password is decrypted and obtained within the secure execution environment TEE, generation and display of the password are carried out in the TEE, and interaction with the user goes through the TUI, which ensures the security of the business data.

Description

Dynamic password formation method and system
Technical field
The present invention relates to the field of information security technology, and in particular to a dynamic password generation method and system.
Background
Mobile Internet technology has developed rapidly, and the convenience it brings is accompanied by many security risks. Open mobile phone operating systems are easily attacked by malicious software, so users' privacy and property cannot be guaranteed. The international standards organization GP (Global Platform) has defined the TEE (Trusted Execution Environment) standard. A TEE is a closed secure area on the main processor of a mobile device that ensures sensitive data is stored, processed and protected safely and reliably. The goal of the TEE software architecture is to let TAs (Trusted Applications) provide isolation and trusted capabilities to service providers; the functions of a TA are used through an intermediate CA (Client Application).
OTP (One-time Password, dynamic password) is a secure and efficient account anti-theft technique that effectively protects the authentication of transactions and logins. Using a dedicated algorithm, OTP generates a time-dependent, unpredictable random digit string every 60 seconds, and each string can be used only once. The OTP algorithm has 2 input factors: a key and a dynamic factor. The most common OTP forms today include scratch cards, SMS verification codes and dynamic tokens (both hardware tokens and software tokens). Mobile phone tokens and SMS verification codes are generated, obtained, displayed and entered in an open environment, so their security level is not high and they are vulnerable to attacks such as Trojan interception, phishing, telecom fraud and channel eavesdropping. Dynamic hardware tokens require a separate hardware device. OTP schemes for mobile terminals currently on the market, such as SMS verification codes and software mobile phone tokens, are offered as replacements for hardware tokens. These mobile terminal OTP schemes carry certain security risks, however: the generation and display of the OTP dynamic password are exposed in an open execution environment, where a hacker can easily obtain it. When the password is generated in the dynamic password system and then sent to the mobile terminal, the security risks of channel transmission, of reception by the mobile terminal and of displaying the OTP dynamic password all remain unsolved. A new technical solution for dynamic password generation is therefore needed.
Summary of the invention
In view of this, one technical problem to be solved by the present invention is to provide a dynamic password generation method and system.
According to one aspect of the present invention, a dynamic password generation method is provided, comprising: a dynamic password client application OTP CA running in a rich execution environment REE sends an OTP dynamic password generation request to a dynamic password trusted application OTP TA running in a trusted execution environment TEE; the OTP TA receives an OTP permission password through a trusted user interface TUI; the OTP TA verifies the OTP permission password and, if verification passes, generates an OTP dynamic password based on a preset password generation rule and displays it through the TUI.
Optionally, generating the OTP dynamic password based on the preset password generation rule comprises: if the OTP permission password passes verification, the OTP TA receives an OTP challenge code through the TUI; the OTP TA generates the OTP dynamic password using the OTP challenge code, based on the OTP dynamic password algorithm and key.
Optionally, generating the OTP dynamic password based on the preset password generation rule comprises: a dynamic password OTP server establishes a secure channel with the TEE; if the OTP permission password passes verification, the OTP server sends to the OTP TA, through the secure channel, either password customization information for generating the OTP dynamic password or the OTP dynamic password itself; if password customization information is received, the OTP TA generates the OTP dynamic password based on that password customization information.
Optionally, if the OTP permission password passes verification, the OTP CA sends user request information to the OTP server; after the OTP server successfully verifies the user request information, it sends the password customization information and the customization type to the OTP TA through the secure channel and via the OTP CA; the OTP TA generates the OTP dynamic password according to the password customization information and the customization type, using the password algorithm and key.
Optionally, after successfully verifying the user request information, the OTP server generates the OTP dynamic password; the OTP server sends the OTP dynamic password to the OTP TA through the secure channel and via the OTP CA.
Optionally, the OTP CA sends an OTP dynamic password generation request and a public key certificate to the OTP TA; if the OTP permission password passes verification, the OTP CA sends the user request information and the public key certificate to the OTP server; the OTP server verifies the public key certificate through a CA server and, if verification succeeds, encrypts the password customization information and the customization type with the public key in the public key certificate and sends the encrypted password customization information and customization type to the OTP TA via the OTP CA; the OTP TA decrypts the encrypted password customization information and customization type using the private key corresponding to the public key in the public key certificate.
Optionally, the OTP server verifies the public key certificate through the CA server and, if verification succeeds, encrypts a communication key with the public key in the public key certificate; the password customization information and customization type encrypted with the communication key, together with the encrypted communication key, are sent to the OTP TA via the OTP CA; the OTP TA decrypts the encrypted communication key using the private key corresponding to the public key in the public key certificate to obtain the communication key, and uses the communication key to decrypt the encrypted password customization information and customization type.
Optionally, the OTP TA applies to a TAM server for digital certificate personalization; the OTP TA generates a public/private key pair based on an instruction issued by the TAM server and requests a digital certificate from the TAM server; the TAM server sends a certificate issuance request containing the public key of the public/private key pair to a trust root server; the trust root server generates the certificate and issues it to the OTP TA through the TAM server; the OTP TA stores the private key and the certificate in the TEE.
Optionally, the OTP CA sends the REE system time to the OTP TA; the OTP TA calculates the time difference between the TEE system time and the REE system time and stores it in the TEE; when generating an OTP dynamic password in the TEE, the OTP TA obtains the current TEE system time and derives the current REE system time from the current TEE system time and the stored time offset, to serve as the time factor.
Optionally, the password customization information includes at least one of the following: a challenge code, a challenge code and an OTP dynamic password key, an encryption algorithm.
According to another aspect of the present invention, a dynamic password generation system is provided, comprising: a dynamic password client application OTP CA and a dynamic password trusted application OTP TA; the OTP CA runs in a rich execution environment REE and is configured to send an OTP dynamic password generation request to the OTP TA running in a trusted execution environment TEE; the OTP TA is configured to receive an OTP permission password through a trusted user interface TUI, verify the OTP permission password and, if verification passes, generate an OTP dynamic password based on a preset password generation rule and display it through the TUI.
Optionally, the OTP TA is configured to receive an OTP challenge code through the TUI if the OTP permission password passes verification, and to generate the OTP dynamic password using the OTP challenge code, based on the OTP dynamic password algorithm and key.
Optionally, the system further comprises a dynamic password OTP server, which establishes a secure channel with the TEE; the OTP server is configured, if the OTP permission password passes verification, to send to the OTP TA, through the secure channel, either password customization information for generating the OTP dynamic password or the OTP dynamic password itself; the OTP TA is configured, if password customization information is received, to generate the OTP dynamic password based on that password customization information.
Optionally, the OTP CA is configured to send user request information to the OTP server if the OTP permission password passes verification; the OTP server is configured, after successfully verifying the user request information, to send the password customization information and the customization type to the OTP TA through the secure channel and via the OTP CA; the OTP TA is configured to generate the OTP dynamic password according to the password customization information and the customization type, using the password algorithm and key.
Optionally, the OTP server generates the OTP dynamic password after successfully verifying the user request information, and sends the OTP dynamic password to the OTP TA through the secure channel and via the OTP CA.
Optionally, the OTP CA is configured to send an OTP dynamic password generation request and a public key certificate to the OTP TA and, if the OTP permission password passes verification, to send the user request information and the public key certificate to the OTP server; the OTP server is configured to verify the public key certificate through a CA server and, if verification succeeds, to encrypt the password customization information and the customization type with the public key in the public key certificate and send the encrypted password customization information and customization type to the OTP TA via the OTP CA; the OTP TA is configured to decrypt the encrypted password customization information and customization type using the private key corresponding to the public key in the public key certificate.
Optionally, the OTP server is configured to verify the public key certificate through the CA server and, if verification succeeds, to encrypt a communication key with the public key in the public key certificate, and to send the password customization information and customization type encrypted with the communication key, together with the encrypted communication key, to the OTP TA via the OTP CA; the OTP TA is configured to decrypt the encrypted communication key using the private key corresponding to the public key in the public key certificate to obtain the communication key, and to use the communication key to decrypt the encrypted password customization information and customization type.
Optionally, the system further comprises a TAM server and a trust root server; the OTP TA is configured to apply to the TAM server for digital certificate personalization, to generate a public/private key pair based on an instruction issued by the TAM server and to request a digital certificate from the TAM server; the TAM server is configured to send a certificate issuance request containing the public key of the public/private key pair to the trust root server; the trust root server is configured to generate the certificate and issue it to the OTP TA through the TAM server; the OTP TA stores the private key and the certificate in the TEE.
Optionally, the OTP CA is configured to send the REE system time to the OTP TA; the OTP TA is configured to calculate the time difference between the TEE system time and the REE system time and store it in the TEE and, when generating an OTP dynamic password in the TEE, to obtain the current TEE system time and derive the current REE system time from the current TEE system time and the stored time offset, to serve as the time factor.
Optionally, the password customization information includes at least one of the following: a challenge code, a challenge code and an OTP dynamic password key, an encryption algorithm.
According to another aspect of the present invention, a dynamic password generation system is provided, comprising: a memory; and a processor coupled to the memory, the processor being configured to execute the method described above based on instructions stored in the memory.
According to yet another aspect of the present invention, a computer-readable storage medium is provided, on which computer program instructions are stored; when executed by one or more processors, the instructions implement the steps of the method described above.
In the dynamic password generation method and system of the present invention, the OTP CA sends an OTP dynamic password generation request to the OTP TA; the OTP TA receives an OTP permission password through the TUI and verifies it; if verification passes, the OTP TA generates an OTP dynamic password based on a preset password generation rule and displays it through the TUI. This provides a TEE-based OTP security scheme for mobile terminals: generation of the OTP dynamic password is initiated in the REE on the mobile terminal, and the password is generated and displayed inside the TEE. The information needed to generate the password is decrypted and obtained within the secure execution environment TEE, generation and display of the password are carried out in the TEE, and interaction with the user goes through the TUI, which ensures the security of the business data.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of one embodiment of the dynamic password generation method according to the present invention;
Fig. 2 is a schematic diagram of the information exchange during OTP dynamic password generation in one embodiment of the dynamic password generation method according to the present invention;
Fig. 3 is a schematic diagram of the information exchange during OTP dynamic password generation in another embodiment of the dynamic password generation method according to the present invention;
Fig. 4 is a schematic diagram of the information exchange during OTP dynamic password generation in a further embodiment of the dynamic password generation method according to the present invention;
Fig. 5 is a module diagram of one embodiment of the dynamic password generation system according to the present invention;
Fig. 6 is a module diagram of another embodiment of the dynamic password generation system according to the present invention.
Detailed description
Various exemplary embodiments of the present invention will now be described in detail with reference to the drawings. Note that, unless specifically stated otherwise, the relative arrangement of components and steps, the numerical expressions and the numerical values set forth in these embodiments do not limit the scope of the present invention.
It should also be understood that, for ease of description, the sizes of the various parts shown in the drawings are not drawn to actual scale.
The following description of at least one exemplary embodiment is merely illustrative and is in no way intended to limit the present invention or its application or use.
Techniques, methods and devices known to a person of ordinary skill in the relevant art may not be discussed in detail, but where appropriate they should be regarded as part of the specification.
Note that similar reference numerals and letters denote similar items in the following drawings; once an item is defined in one drawing, it need not be discussed further in subsequent drawings.
Embodiments of the present invention can be applied to a computer system/server, which can operate together with numerous other general-purpose or special-purpose computing system environments or configurations. Examples of well-known computing systems, environments and/or configurations suitable for use with a computer system/server include, but are not limited to: smartphones, personal computer systems, server computer systems, thin clients, thick clients, handheld or laptop devices, microprocessor-based systems, set-top boxes, programmable consumer electronics, network PCs, minicomputer systems, mainframe computer systems, and distributed cloud computing environments that include any of the above systems.
A computer system/server can be described in the general context of computer-system-executable instructions (such as program modules) executed by a computer system. In general, program modules may include routines, programs, object programs, components, logic, data structures and so on, which perform specific tasks or implement specific abstract data types. The computer system/server can be implemented in a distributed cloud computing environment, in which tasks are executed by remote processing devices linked through a communication network. In a distributed cloud computing environment, program modules may be located in local or remote computing system storage media that include storage devices.
Fig. 1 is a flow diagram of one embodiment of the dynamic password generation method according to the present invention. As shown in Fig. 1:
Step 101: the dynamic password client application OTP CA running in the rich execution environment REE sends an OTP dynamic password generation request to the dynamic password trusted application OTP TA running in the trusted execution environment TEE.
The rich execution environment REE is the environment managed and controlled by the rich operating system. It is the counterpart of the TEE; the rich execution environment and the applications running in it are characterized as insecure and untrusted. The trusted execution environment TEE is a secure area that exists in the mobile terminal device and is separated from the rich execution environment. Because it is separated from the rich execution environment and the applications running on it, the TEE ensures that sensitive data is stored, processed and protected in a trusted environment, and it also provides a secure execution environment for the trusted applications loaded into it.
A CA is an ordinary application running in the REE; it can request the security services of a TA running in the TEE by calling the Client API provided by the TEE. A TA is an application running in the TEE that accesses the hardware resources controlled by the TEE by calling the API provided by the TEE. The trusted user interface TUI (trusted user interface) is controlled by the TEE and used by TAs to display user information; it is a user interface isolated from the REE. The user must log in before being able to choose to make an OTP dynamic password generation request.
Step 102: the OTP TA receives the OTP permission password through the trusted user interface TUI.
The TUI runs in the trusted execution environment. The TUI can also provide several virtual keyboard layouts, such as a numeric keypad, a letter keyboard and a symbol keyboard.
Step 103: the OTP TA verifies the OTP permission password and, if verification passes, generates the OTP dynamic password based on the preset password generation rule and displays it through the TUI.
The dynamic password generation method of the above embodiment provides a TEE-based OTP security scheme for mobile terminals: generation of the OTP dynamic password is initiated in the REE on the mobile terminal, and the password is generated and displayed inside the TEE.
In one embodiment, if the OTP permission password passes verification, the OTP TA receives an OTP challenge code through the TUI. The OTP TA generates the OTP dynamic password using the OTP challenge code, based on the OTP dynamic password algorithm and key.
In traditional challenge/response OTP, the user enters the challenge code on the token and, once it is fully entered, clicks the generate-dynamic-password button to obtain the OTP dynamic password. The token can be in hardware form or in software form. While the password is being generated, it cannot be intercepted in network transmission. A hardware token has low security risk, but the corresponding token device must be carried, which is inconvenient. A challenge/response OTP token in software form is installed on the mobile terminal, but it generates and displays the password in an open environment, so its security level is lower. Compared with the software token approach, the traditional challenge/response TEE scheme provided by the present invention has enhanced security: the user enters the challenge code in the TUI of the closed TEE environment, and the password is generated and displayed in the TEE.
For example, as shown in Fig. 2, information such as the OTP algorithm key and the password algorithm is provisioned in the OTP TA. The OTP CA in the REE of the mobile terminal sends a request to generate an OTP dynamic password to the OTP TA; a TUI screen pops up in the TEE and prompts for the OTP permission password. After the OTP TA verifies that the OTP permission password is correct, another TUI screen pops up and prompts for the challenge code. If the OTP TA fails to verify the OTP permission password, it returns failure information to the OTP CA. The OTP TA generates the OTP dynamic password from the challenge code the user entered in the TUI and the stored information such as the OTP algorithm key and the password algorithm, then pops up a TUI screen and displays the OTP dynamic password in the TUI.
In one embodiment, the dynamic password OTP server establishes a secure channel with the TEE. If the OTP permission password passes verification, the OTP server sends to the OTP TA, through the secure channel, either password customization information for generating the OTP dynamic password or the OTP dynamic password itself. If password customization information is received, the OTP TA generates the OTP dynamic password based on that password customization information. The password customization information includes at least one of the following: a challenge code, a challenge code and an OTP dynamic password key, an encryption algorithm.
If the OTP permission password passes verification, the OTP CA sends user request information to the OTP server. After the OTP server successfully verifies the user request information, it sends the password customization information and the customization type to the OTP TA through the secure channel and via the OTP CA. The OTP TA generates the OTP dynamic password according to the password customization information and the customization type, using the password algorithm, key and so on. After successfully verifying the user request information, the OTP server can also generate the OTP dynamic password directly and send it to the OTP TA through the secure channel and via the OTP CA.
In the OTP information customization scheme, a secure channel is established between the OTP server and the mobile terminal device, through which information such as the challenge code dynamically generated by the OTP server can be transferred into the TEE of the mobile device. There are many ways for the OTP server and the TEE to establish the secure channel, for example through the GP protocol, through a key system method between the OTP server and the TEE (such as digital certificates or digital envelopes), or through a white-box cryptography approach with a higher security level.
The OTP server can choose among several kinds of customization information to transmit. For example, if the OTP server generates the OTP dynamic password, it sends the OTP dynamic password directly; the OTP TA does not need to generate it and simply displays it securely on the TUI screen. Alternatively, the OTP server can send a challenge code; a challenge code and an OTP dynamic password key; or a challenge code, an OTP dynamic password key and an encryption algorithm, and the OTP TA generates the OTP dynamic password based on this together with its preset information.
For example, as shown in Fig. 3, the OTP CA initiates an OTP dynamic password request, and a TUI screen pops up in the TEE prompting for the OTP permission password. After the OTP TA verifies that the entered OTP permission password is correct, it returns success to the OTP CA, and the OTP CA submits the user request information to the OTP server. If the OTP TA returns failure information, the OTP CA does not submit the user request information. To ensure the security of the channel, a secure channel is established between the OTP server and the TEE of the mobile terminal. The OTP server receives the request, verifies the user's identity, and sends the password customization information (such as the challenge code) and the customization type to the OTP CA through the secure channel; the OTP CA forwards the received information to the OTP TA. The OTP server stores the password customization information and the user information locally.
The OTP TA obtains the information needed to generate the password (decrypting it first if it is ciphertext) and, according to the customization type and the information the OTP TA already holds, computes the OTP dynamic password with the password algorithm. After the OTP TA has successfully generated the password, it pops up a TUI screen and displays the OTP dynamic password in the TUI. The OTP dynamic password can then be entered on the corresponding terminal (not limited to the mobile terminal) and sent to the OTP server. If the terminal is a mobile terminal, the password must be entered in a secure environment. The OTP server receives the OTP dynamic password, generates an OTP dynamic password itself from the user information, challenge code, password algorithm and other information, and compares the received OTP dynamic password with the one it generated.
In one embodiment, the OTP TA applies to the TAM server for digital certificate personalization. Following the instruction issued by the TAM server, the OTP TA generates a public/private key pair and requests a digital certificate from the TAM server. The TAM server sends a certificate issuance request containing the public key of the key pair to the trust root server. The trust root server generates the certificate and delivers it to the OTP TA through the TAM server; the OTP TA stores the private key and the certificate in the TEE.
The OTP CA sends the OTP dynamic password generation request and the public key certificate to the OTP TA. If the OTP permission password passes verification, the OTP CA sends the user request information and the public key certificate to the OTP server. The OTP server verifies the public key certificate through the CA server; if verification succeeds, it encrypts the password customization information and customization type with the public key in the public key certificate and sends the encrypted password customization information and customization type to the OTP TA via the OTP CA. The OTP TA decrypts the encrypted password customization information and customization type using the private key corresponding to the public key in the public key certificate.
After the OTP server verifies the public key certificate through the CA server, if verification succeeds it can instead encrypt a communication key with the public key in the public key certificate, and send the password customization information and customization type encrypted under the communication key, together with the encrypted communication key, to the OTP TA via the OTP CA. The OTP TA decrypts the encrypted communication key using the private key corresponding to the public key in the public key certificate to obtain the communication key, and then uses the communication key to decrypt the encrypted password customization information and customization type.
The OTP server and the OTP TA can also establish the secure channel directly using a key-system method: the OTP server encrypts the password customization information with the public key in the OTP TA's public key certificate and sends it to the OTP TA. The OTP TA applies to the TAM server for digital certificate personalization; the certificate personalization operation is carried out after the OTP TA is installed. The OTP TA interacts with the TAM server (Trusted Application Manager, the trusted application management server): the TAM server issues an instruction to the OTP TA, and the OTP TA generates a key pair and requests a certificate. The TAM server packages the information and forwards the request to the trust root server, and the trust root server issues the certificate to the OTP TA. The OTP TA stores the private key and the certificate securely in the TEE, for example encrypted in a persistent object file.
For example, as shown in Fig. 4, the OTP CA initiates an OTP dynamic password request and sends the public key certificate. A TUI screen pops up in the TEE prompting for the OTP permission password. After the OTP permission password is verified in the TEE as correctly entered, the OTP CA submits the user request information and the certificate to the OTP server. The OTP server has the CA server verify the certificate; if it is valid, the OTP server generates the customization information needed for the password, encrypts it with the public key in the certificate and sends it to the OTP CA, which forwards it to the OTP TA. The OTP TA decrypts it with the corresponding private key to obtain the information. Alternatively, a communication key can be set up on the OTP server: the communication key is encrypted with the public key in the OTP TA certificate, the customization information is encrypted with the communication key, and both are sent to the OTP CA agent. The OTP TA decrypts with the corresponding private key to obtain the communication key, and then decrypts with the communication key to obtain the customization information.
In one embodiment, the OTP CA sends the REE system time to the OTP TA; the OTP TA calculates the time difference between the TEE system time and the REE system time and stores it in the TEE. When generating an OTP dynamic password in the TEE, the OTP TA obtains the current TEE system time and, from the current TEE system time and the time offset, derives the current REE system time, which serves as the time factor.
For example, the OTP CA sends a command to the OTP TA, passing in the REE system time. The OTP TA calculates the time offset between the TEE system time and the REE system time, time offset = TEE system time - REE time, and stores the time offset in the TEE; the error in each time difference is ignored. When the OTP TA calculates an OTP dynamic password in the TEE, it first obtains the current TEE system time. Since time offset = current TEE system time - current REE time, it follows that current REE time = current TEE system time - time offset, which is the time factor. With the key, the time factor and the other input factors, the OTP dynamic password is calculated using the OTP algorithm. The OTP CA sends command 1 to the OTP TA, execution enters the TEE, and a TUI screen pops up prompting for the OTP permission password. The OTP TA verifies the password and returns the result to the OTP CA. After the OTP permission password is verified successfully, the OTP CA sends command 2, passing in the REE system time and requesting generation of the OTP dynamic password.
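The challenge-code comparison on the OTP server and the time-offset derivation in the OTP TA, both described above, can be exercised together in a short simulation. This is an added example, not code from the patent: the page names no OTP algorithm, so the HMAC-SHA1 construction with RFC 4226 truncation, the 30-second step, the one-step tolerance, the single-use challenge and every class and function name are assumptions.

```python
import hashlib
import hmac
import secrets
import struct

TIME_STEP = 30   # seconds per OTP window (assumed; the page gives no value)
DIGITS = 6       # OTP length (assumed)
DRIFT_STEPS = 1  # windows the server tolerates on either side (assumed)


def otp(key: bytes, time_factor: int, challenge: bytes = b"") -> str:
    """HMAC-SHA1 over the time-step counter plus an optional challenge code,
    reduced with RFC 4226 dynamic truncation (assumed algorithm)."""
    counter = struct.pack(">Q", time_factor // TIME_STEP)
    mac = hmac.new(key, counter + challenge, hashlib.sha1).digest()
    pos = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class Clock:
    """Constructed clock so the simulation is deterministic."""
    def __init__(self, now: int):
        self.now = now


class OtpTa:
    """Stand-in for the OTP TA: key and time offset never leave this object."""
    def __init__(self, key: bytes, tee_clock: Clock):
        self._key, self._tee, self._offset = key, tee_clock, None

    def store_offset(self, ree_time: int) -> None:
        # time offset = TEE system time - REE time
        self._offset = self._tee.now - ree_time

    def generate(self, challenge: bytes = b"") -> str:
        if self._offset is None:
            raise RuntimeError("no time offset stored in the TEE")
        # current REE time = current TEE system time - time offset
        time_factor = self._tee.now - self._offset
        return otp(self._key, time_factor, challenge)


class OtpServer:
    """Stores the challenge per user and recomputes the OTP for comparison."""
    def __init__(self, key: bytes, clock: Clock):
        self._key, self._clock, self._pending = key, clock, {}

    def issue_challenge(self, user: str) -> bytes:
        self._pending[user] = secrets.token_bytes(8)
        return self._pending[user]

    def verify(self, user: str, submitted: str) -> bool:
        challenge = self._pending.pop(user, None)  # single use (assumed policy)
        if challenge is None:
            return False
        ok = False
        for step in range(-DRIFT_STEPS, DRIFT_STEPS + 1):
            expected = otp(self._key, self._clock.now + step * TIME_STEP, challenge)
            ok |= hmac.compare_digest(expected, submitted)  # constant-time compare
        return ok


def demo() -> dict:
    key = b"constructed-shared-key"    # constructed sample key
    wall = Clock(1_700_000_000)        # REE and server wall clock (constructed)
    tee = Clock(1_000)                 # TEE clock with an arbitrary origin
    ta, server = OtpTa(key, tee), OtpServer(key, wall)

    ta.store_offset(wall.now)          # "command 2" passes in the REE time
    tee.now += 45
    wall.now += 45                     # 45 s later on both clocks
    code = ta.generate(server.issue_challenge("alice"))
    accepted = server.verify("alice", code)
    replayed = server.verify("alice", code)   # challenge already consumed

    ta.store_offset(wall.now + 3600)   # REE reports a time one hour off
    skewed = server.verify("alice", ta.generate(server.issue_challenge("alice")))
    return {"accepted": accepted, "replayed": replayed, "skewed_ree": skewed}


if __name__ == "__main__":
    print(demo())
```

Because the time factor is derived from a value supplied by the REE, the server-side tolerance window is the only bound on a skewed or manipulated REE clock in this model.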
In one embodiment, as shown in Fig. 5, the present invention provides a dynamic password generation system comprising: a dynamic password client application OTP CA 51, a dynamic password trusted application OTP TA 52, an OTP server 53, a TAM server 54 and a trust root server 55. The OTP CA 51 generally takes the form of an app, can support multiple OTP users, and is the OTP CA agent running in the REE. The trust root server 55 is used to issue, update and verify certificates, among other things. The TAM server 54 is mainly responsible for the TEE TA personalization flow. The OTP TA and CA can be built into the system before it leaves the factory, or downloaded later through the TAM service.
The OTP CA 51 runs in the rich execution environment (REE) and sends an OTP dynamic password generation request to the OTP TA running in the trusted execution environment (TEE). The OTP TA 52 receives the OTP permission password through the trusted user interface (TUI) and verifies it. If verification passes, the OTP TA 52 generates the OTP dynamic password based on the preset password generation rule and displays it through the TUI. If the OTP permission password passes verification, the OTP TA 52 receives an OTP challenge code through the TUI and generates the OTP dynamic password using the OTP challenge code, based on the OTP dynamic password algorithm and key.
In one embodiment, the OTP server 53 establishes a secure channel with the TEE. If the OTP permission password passes verification, the OTP server 53 sends the OTP TA 52, over the secure channel, either the password customization information used to generate the OTP dynamic password or the OTP dynamic password itself. If it receives password customization information, the OTP TA 52 generates the OTP dynamic password based on that information.
If the OTP permission password passes verification, the OTP CA 51 sends user request information to the OTP server 53. After successfully verifying the user request information, the OTP server 53 sends the password customization information and the customization type to the OTP TA 52 over the secure channel, via the OTP CA 51. The OTP TA 52 generates the OTP dynamic password from the password customization information and customization type, using the password algorithm and key. The password customization information includes at least one of: a challenge code, a challenge code and an OTP dynamic password key, an encryption algorithm. Alternatively, after successfully verifying the user request information, the OTP server 53 can generate the OTP dynamic password and send it to the OTP TA 52 over the secure channel, via the OTP CA 51.
In one embodiment, the OTP CA 51 sends the OTP dynamic password generation request and the public key certificate to the OTP TA 52. If the OTP permission password passes verification, the OTP CA 51 sends the user request information and the public key certificate to the OTP server 53. The OTP server 53 verifies the public key certificate through the CA server; if verification succeeds, it encrypts the password customization information and customization type with the public key in the public key certificate and sends the encrypted password customization information and customization type to the OTP TA 52 via the OTP CA 51. The OTP TA 52 decrypts the encrypted password customization information and customization type using the private key corresponding to the public key in the public key certificate.
The OTP server 53 verifies the public key certificate through the CA server; if verification succeeds, it encrypts a communication key with the public key in the public key certificate, and sends the password customization information and customization type encrypted under the communication key, together with the encrypted communication key, to the OTP TA 52 via the OTP CA 51. The OTP TA 52 decrypts the encrypted communication key using the private key corresponding to the public key in the public key certificate to obtain the communication key, and then uses the communication key to decrypt the encrypted password customization information and customization type.
The OTP TA 52 applies to the TAM server for digital certificate personalization; following the instruction issued by the TAM server 54, it generates a public/private key pair and requests a digital certificate from the TAM server 54. The TAM server 54 sends a certificate issuance request containing the public key of the key pair to the trust root server 55. The trust root server 55 generates the certificate and delivers it to the OTP TA 52 through the TAM server 54. The OTP TA 52 stores the private key and the certificate in the TEE.
The OTP CA 51 sends the REE system time to the OTP TA 52; the OTP TA 52 calculates the time difference between the TEE system time and the REE system time and stores it in the TEE. When generating an OTP dynamic password in the TEE, it obtains the current TEE system time and, from the current TEE system time and the time offset, derives the current REE system time, which serves as the time factor.
Fig. 6 is a module diagram of another embodiment of the dynamic password generation system disclosed by the invention. As shown in Fig. 6, the device may include a memory 61, a processor 62 and a communication interface 63. The memory 61 is used to store instructions; the processor 62 is coupled to the memory 61 and is configured to carry out the method described above by executing the instructions stored in the memory 61.
The memory 61 may be high-speed RAM, non-volatile memory or the like, and may also be a memory array. The processor 62 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the trusted application operation request checking method disclosed by the invention.
In one embodiment, the disclosure also provides a computer-readable storage medium storing computer instructions which, when executed by a processor, implement the method of any of the embodiments above. Those skilled in the art should understand that embodiments of the disclosure can be provided as a method, an apparatus or a computer program product. The disclosure can therefore take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the disclosure can take the form of a computer program product implemented on one or more non-transitory computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM and optical memory) containing computer-usable program code.
The disclosure is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the disclosure. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in them, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
In the dynamic password generation method and system provided in the embodiments above, the OTP CA sends an OTP dynamic password generation request to the OTP TA; the OTP TA receives the OTP permission password through the TUI and verifies it and, if verification passes, generates the OTP dynamic password based on the preset password generation rule and displays it through the TUI. This provides an OTP security scheme for TEE-based mobile terminals: generation of the OTP dynamic password is initiated in the REE on the mobile terminal, and the OTP dynamic password is generated and displayed inside the TEE. The information needed to generate the password is decrypted in the secure execution environment TEE, the password is generated and displayed in the TEE, and interaction with the user takes place through the TUI, which ensures the security of the business data.
The method and system of the present invention may be implemented in many ways, for example in software, hardware, firmware, or any combination of software, hardware and firmware. The order of the method steps given above is for illustration only; the steps of the method of the invention are not limited to the order described in detail above unless specifically stated otherwise. In addition, in some embodiments the present invention can also be embodied as programs recorded on a recording medium, these programs including machine-readable instructions for implementing the method according to the invention. The present invention thus also covers a recording medium storing a program for executing the method according to the invention.
The description of the invention is given for the sake of example and description, and is not exhaustive or intended to limit the invention to the disclosed form. Many modifications and variations are obvious to those of ordinary skill in the art. The embodiments were selected and described to better illustrate the principle and practical application of the invention, and to enable those of ordinary skill in the art to understand the invention and so design various embodiments, with various modifications, suited to particular uses.

Claims (22)

1. A dynamic password generation method, characterized by comprising:
a dynamic password client application OTP CA running in a rich execution environment REE sends an OTP dynamic password generation request to a dynamic password trusted application OTP TA running in a trusted execution environment TEE;
the OTP TA receives an OTP permission password through a trusted user interface TUI;
the OTP TA verifies the OTP permission password and, if verification passes, generates an OTP dynamic password based on a preset password generation rule and displays it through the TUI.
2. The method as claimed in claim 1, characterized in that generating the OTP dynamic password based on the preset password generation rule comprises:
if the OTP permission password passes verification, the OTP TA receives an OTP challenge code through the TUI;
the OTP TA generates the OTP dynamic password using the OTP challenge code, based on an OTP dynamic password algorithm and key.
3. The method as claimed in claim 1, characterized in that generating the OTP dynamic password based on the preset password generation rule comprises:
a dynamic password OTP server establishes a secure channel with the TEE;
if the OTP permission password passes verification, the OTP server sends the OTP TA, over the secure channel, password customization information for generating the OTP dynamic password, or the OTP dynamic password;
if it receives password customization information, the OTP TA generates the OTP dynamic password based on this password customization information.
4. The method as claimed in claim 3, characterized by further comprising:
if the OTP permission password passes verification, the OTP CA sends user request information to the OTP server;
after the OTP server successfully verifies the user request information, it sends the password customization information and a customization type to the OTP TA over the secure channel, via the OTP CA;
the OTP TA generates the OTP dynamic password from the password customization information and customization type, using a password algorithm and key.
5. The method as claimed in claim 4, characterized by further comprising:
after the OTP server successfully verifies the user request information, it generates the OTP dynamic password;
the OTP server sends the OTP dynamic password to the OTP TA over the secure channel, via the OTP CA.
6. The method as claimed in claim 4, characterized by further comprising:
the OTP CA sends the OTP dynamic password generation request and a public key certificate to the OTP TA;
if the OTP permission password passes verification, the OTP CA sends the user request information and the public key certificate to the OTP server;
the OTP server verifies the public key certificate through a CA server and, if verification succeeds, encrypts the password customization information and customization type with the public key in the public key certificate and sends the encrypted password customization information and customization type to the OTP TA via the OTP CA;
the OTP TA decrypts the encrypted password customization information and customization type using the private key corresponding to the public key in the public key certificate.
7. The method as claimed in claim 6, characterized by further comprising:
the OTP server verifies the public key certificate through the CA server and, if verification succeeds, encrypts a communication key with the public key in the public key certificate;
the password customization information and customization type encrypted under the communication key, and the encrypted communication key, are sent to the OTP TA via the OTP CA;
the OTP TA decrypts the encrypted communication key using the private key corresponding to the public key in the public key certificate to obtain the communication key, and uses the communication key to decrypt the encrypted password customization information and customization type.
8. The method as claimed in claim 6, characterized by further comprising:
the OTP TA applies to a TAM server for digital certificate personalization;
the OTP TA generates a public/private key pair based on the instruction issued by the TAM server and requests a digital certificate from the TAM server;
the TAM server sends a certificate issuance request containing the public key of the public/private key pair to a trust root server;
the trust root server generates the certificate and delivers it to the OTP TA through the TAM server;
the OTP TA stores the private key and the certificate in the TEE.
9. The method as claimed in claim 8, characterized in that:
the OTP CA sends the REE system time to the OTP TA;
the OTP TA calculates the time difference between the TEE system time and the REE system time and stores it in the TEE;
when generating an OTP dynamic password in the TEE, the OTP TA obtains the current TEE system time and, from the current TEE system time and the time offset, derives the current REE system time, which serves as the time factor.
10. The method as claimed in claim 3, characterized in that:
the password customization information includes at least one of: a challenge code, a challenge code and an OTP dynamic password key, an encryption algorithm.
11. A dynamic password generation system, characterized by comprising:
a dynamic password client application OTP CA and a dynamic password trusted application OTP TA;
the OTP CA runs in a rich execution environment REE and is configured to send an OTP dynamic password generation request to the OTP TA running in a trusted execution environment TEE;
the OTP TA is configured to receive an OTP permission password through a trusted user interface TUI, verify the OTP permission password and, if verification passes, generate an OTP dynamic password based on a preset password generation rule and display it through the TUI.
12. The system as claimed in claim 11, characterized in that:
the OTP TA is configured to receive an OTP challenge code through the TUI if the OTP permission password passes verification, and to generate the OTP dynamic password using the OTP challenge code, based on an OTP dynamic password algorithm and key.
13. The system as claimed in claim 11, characterized by further comprising: a dynamic password OTP server, the OTP server establishing a secure channel with the TEE;
the OTP server is configured, if the OTP permission password passes verification, to send the OTP TA, over the secure channel, password customization information for generating the OTP dynamic password, or the OTP dynamic password;
the OTP TA is configured, if it receives password customization information, to generate the OTP dynamic password based on this password customization information.
14. The system as claimed in claim 13, characterized in that:
the OTP CA is configured to send user request information to the OTP server if the OTP permission password passes verification;
the OTP server is configured, after successfully verifying the user request information, to send the password customization information and a customization type to the OTP TA over the secure channel, via the OTP CA;
the OTP TA is configured to generate the OTP dynamic password from the password customization information and customization type, using a password algorithm and key.
15. The system as claimed in claim 14, characterized in that:
the OTP server is configured, after successfully verifying the user request information, to generate the OTP dynamic password and send it to the OTP TA over the secure channel, via the OTP CA.
16. The system as claimed in claim 14, characterized in that:
the OTP CA is configured to send the OTP dynamic password generation request and a public key certificate to the OTP TA and, if the OTP permission password passes verification, to send the user request information and the public key certificate to the OTP server;
the OTP server is configured to verify the public key certificate through a CA server and, if verification succeeds, to encrypt the password customization information and customization type with the public key in the public key certificate and send the encrypted password customization information and customization type to the OTP TA via the OTP CA;
the OTP TA is configured to decrypt the encrypted password customization information and customization type using the private key corresponding to the public key in the public key certificate.
17. The system as claimed in claim 16, characterized in that:
the OTP server is configured to verify the public key certificate through the CA server and, if verification succeeds, to encrypt a communication key with the public key in the public key certificate, and to send the password customization information and customization type encrypted under the communication key, and the encrypted communication key, to the OTP TA via the OTP CA;
the OTP TA is configured to decrypt the encrypted communication key using the private key corresponding to the public key in the public key certificate to obtain the communication key, and to use the communication key to decrypt the encrypted password customization information and customization type.
18. The system as claimed in claim 16, characterized by further comprising:
a TAM server and a trust root server;
the OTP TA is configured to apply to the TAM server for digital certificate personalization, and to generate a public/private key pair based on the instruction issued by the TAM server and request a digital certificate from the TAM server;
the TAM server is configured to send a certificate issuance request containing the public key of the public/private key pair to the trust root server;
the trust root server is configured to generate the certificate and deliver it to the OTP TA through the TAM server;
the OTP TA stores the private key and the certificate in the TEE.
19. The system as claimed in claim 18, characterized in that:
the OTP CA is configured to send the REE system time to the OTP TA;
the OTP TA is configured to calculate the time difference between the TEE system time and the REE system time and store it in the TEE and, when generating an OTP dynamic password in the TEE, to obtain the current TEE system time and derive from the current TEE system time and the time offset the current REE system time, which serves as the time factor.
20. The system as claimed in claim 13, characterized in that:
the password customization information includes at least one of: a challenge code, a challenge code and an OTP dynamic password key, an encryption algorithm.
21. A dynamic password generation system, characterized by comprising:
a memory; and a processor coupled to the memory, the processor being configured to execute the method as claimed in any one of claims 1 to 10 based on instructions stored in the memory.
22. A computer-readable storage medium storing computer program instructions which, when executed by one or more processors, implement the steps of the method as claimed in any one of claims 1 to 10.
CN201810333149.XA 2018-04-13 2018-04-13 Dynamic password generation method and system Active CN108768655B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810333149.XA CN108768655B (en) 2018-04-13 2018-04-13 Dynamic password generation method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810333149.XA CN108768655B (en) 2018-04-13 2018-04-13 Dynamic password generation method and system

Publications (2)

Publication Number Publication Date
CN108768655A true CN108768655A (en) 2018-11-06
CN108768655B CN108768655B (en) 2022-01-18

Family

ID=64010734

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810333149.XA Active CN108768655B (en) 2018-04-13 2018-04-13 Dynamic password generation method and system

Country Status (1)

Country Link
CN (1) CN108768655B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110264192A (en) * 2019-05-20 2019-09-20 阿里巴巴集团控股有限公司 Receipt storage method and node based on type of transaction
CN112596802A (en) * 2019-09-17 2021-04-02 华为技术有限公司 Information processing method and device
CN113792276A (en) * 2021-11-11 2021-12-14 麒麟软件有限公司 Operating system user identity authentication method and system based on dual-architecture

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105429760A (en) * 2015-12-01 2016-03-23 神州融安科技(北京)有限公司 Method and system for identity verification of digital certificate based on TEE (Trusted Execution Environment)
CN105516104A (en) * 2015-12-01 2016-04-20 神州融安科技(北京)有限公司 Identity verification method and system of dynamic password based on TEE (Trusted execution environment)
WO2016137277A1 (en) * 2015-02-27 2016-09-01 Samsung Electronics Co., Ltd. Electronic device providing electronic payment function and operating method thereof
CN105978917A (en) * 2016-07-19 2016-09-28 恒宝股份有限公司 System and method for trusted application security authentication
EP3120287A1 (en) * 2014-03-20 2017-01-25 Oracle International Corporation System and method for deriving secrets from a master key bound to an application on a device
CN106506472A (en) * 2016-11-01 2017-03-15 黄付营 A kind of safe mobile terminal digital certificate method and system
CN106878231A (en) * 2015-12-10 2017-06-20 中国电信股份有限公司 Method, user terminal and system for realizing secure user data transmission
CN107870788A (en) * 2016-09-26 2018-04-03 展讯通信(上海)有限公司 The startup method and terminal device of terminal device under more credible performing environment

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3120287A1 (en) * 2014-03-20 2017-01-25 Oracle International Corporation System and method for deriving secrets from a master key bound to an application on a device
WO2016137277A1 (en) * 2015-02-27 2016-09-01 Samsung Electronics Co., Ltd. Electronic device providing electronic payment function and operating method thereof
CN105429760A (en) * 2015-12-01 2016-03-23 神州融安科技(北京)有限公司 Method and system for identity verification of digital certificate based on TEE (Trusted Execution Environment)
CN105516104A (en) * 2015-12-01 2016-04-20 神州融安科技(北京)有限公司 Identity verification method and system of dynamic password based on TEE (Trusted execution environment)
CN106878231A (en) * 2015-12-10 2017-06-20 中国电信股份有限公司 Method, user terminal and system for realizing secure user data transmission
CN105978917A (en) * 2016-07-19 2016-09-28 恒宝股份有限公司 System and method for trusted application security authentication
CN107870788A (en) * 2016-09-26 2018-04-03 展讯通信(上海)有限公司 The startup method and terminal device of terminal device under more credible performing environment
CN106506472A (en) * 2016-11-01 2017-03-15 黄付营 A kind of safe mobile terminal digital certificate method and system

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110264192A (en) * 2019-05-20 2019-09-20 阿里巴巴集团控股有限公司 Receipt storage method and node based on type of transaction
CN110264192B (en) * 2019-05-20 2021-08-06 创新先进技术有限公司 Receipt storage method and node based on transaction type
CN112596802A (en) * 2019-09-17 2021-04-02 华为技术有限公司 Information processing method and device
CN112596802B (en) * 2019-09-17 2022-07-12 华为技术有限公司 Information processing method and device
CN113792276A (en) * 2021-11-11 2021-12-14 麒麟软件有限公司 Operating system user identity authentication method and system based on dual-architecture

Also Published As

Publication number Publication date
CN108768655B (en) 2022-01-18

Similar Documents

Publication Publication Date Title
US10491379B2 (en) System, device, and method of secure entry and handling of passwords
JP6818679B2 (en) Secure host card emulation credentials
US7606560B2 (en) Authentication services using mobile device
US9426134B2 (en) Method and systems for the authentication of a user
US11501294B2 (en) Method and device for providing and obtaining graphic code information, and terminal
US10045210B2 (en) Method, server and system for authentication of a person
RU2560810C2 (en) Method and system for protecting information from unauthorised use (versions thereof)
US20130290718A1 (en) Mobile storage device and the data processing system and method based thereon
CN108616352A (en) Dynamic password formation method based on safety element and system
KR20170140215A (en) Methods and systems for transaction security
JP2024079694A (en) System and method for pre-authentication of customer support calls - Patents.com
CN108768655A (en) Dynamic password formation method and system
EP3841731B1 (en) Securing sensitive user data across hardware and software components having unbalanced trust levels
KR101795849B1 (en) Authentication apparatus and method for connectivity of fintech services, and computer program for the same
KR20160008012A (en) User authentification method in mobile terminal
Corella et al. Fundamental Security Flaws in the 3-D Secure 2 Cardholder Authentication Specification

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant